Package: mpv
Version: 0.6.2-2
Severity: normal

Dear Maintainer,

$ mpv --vo=opengl-old:force-pbo=yes any-video.avi
[...]
AO: [alsa] 48000Hz stereo 2ch float
VO: [opengl-old] 1280x720 => 1280x720 yuv420p
mpv: ../ta/ta.c:333: ta_dbg_check_header: Assertion `h->canary == 0xD3ADB3EF' failed.
$ gdb mpv core
[...]
Program terminated with signal SIGABRT, Aborted.
(gdb) bt
[...]
#5  0xb75c6cf8 in ta_dbg_check_header (h=0xaf4f70cc) at ../ta/ta.c:333
#6  0xb769d59e in ta_dbg_check_header (h=0xaf4f70cc) at ../ta/ta.c:269
#7  get_header (ptr=0xaf4f70ec) at ../ta/ta.c:77
#8  ta_free (ptr=0xaf4f70ec) at ../ta/ta.c:255
#9 0xb768af19 in draw_image (vo=0xb81e2300, mpi=0xb8571730) at ../video/out/vo_opengl_old.c:2007
#10 0xb7683582 in render_frame (vo=<optimized out>) at ../video/out/vo.c:581
[...]

When force-pbo is enabled, mpi == &mpi2, so it attempts to free a variable on the stack.
Patch attached (tested, works).

Notes:
1) This bug does not affect testing and upstream (--vo=opengl-old was completely removed since mpv-0.8); only jessie is affected.
2) It can only be triggered by a user with the --vo=opengl-old:force-pbo=yes option.
3) It is expected to always die in the assert, before triggering heap corruption, so there should be no security implications.

-- System Information:
Debian Release: 8.0
   APT prefers stable-updates
   APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: i386 (i686)

Kernel: Linux 3.16.0-4-686-pae (SMP w/1 CPU core)
Locale: LANG=ru_RU.KOI8-R, LC_CTYPE=ru_RU.KOI8-R (charmap=KOI8-R)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages mpv depends on:
ii  libasound2                              1.0.28-1
ii  libass5                                 0.10.2-3
ii  libavcodec56                            6:11.3-1
ii  libavdevice55                           6:11.3-1
ii  libavfilter5                            6:11.3-1
ii  libavformat56                           6:11.3-1
ii  libavresample2                          6:11.3-1
ii  libavutil54                             6:11.3-1
ii  libbluray1                              1:0.6.2-1
ii  libbs2b0                                3.1.0+dfsg-2.1
ii  libc6                                   2.19-18
ii  libcdio-cdda1                           0.83-4.2
ii  libcdio-paranoia1                       0.83-4.2
ii  libcdio13                               0.83-4.2
ii  libdvdnav4                              5.0.1-1
ii  libdvdread4                             5.0.0-1
ii  libegl1-mesa [libegl1-x11]              10.3.2-1
ii  libenca0                                1.16-1
ii  libgl1-mesa-glx [libgl1]                10.3.2-1
ii  libguess1                               1.2-1
ii  libjack-jackd2-0 [libjack-0.116] 1.9.10+20140719git3eb0ae6a~dfsg-2
ii  libjpeg62-turbo                         1:1.3.1-12
ii  liblcms2-2                              2.6-3+b3
ii  liblircclient0                          0.9.0~pre1-1.2
ii  liblua5.2-0                             5.2.3-1.1
ii  libmpg123-0                             1.20.1-2
ii  libpulse0                               5.0-13
ii  libquvi7                                0.4.1-3
ii  libsdl2-2.0-0                           2.0.2+dfsg1-6
ii  libswscale3                             6:11.3-1
ii  libuuid1                                2.25.2-6
ii  libva-glx1                              1.4.1-1
ii  libva-x11-1                             1.4.1-1
ii  libva1                                  1.4.1-1
ii  libvdpau1                               0.8-3
ii  libwayland-client0                      1.6.0-2
ii  libwayland-cursor0                      1.6.0-2
ii  libwayland-egl1-mesa [libwayland-egl1]  10.3.2-1
ii  libx11-6                                2:1.6.2-3
ii  libxext6                                2:1.3.3-1
ii  libxinerama1                            2:1.1.3-1+b1
ii  libxkbcommon0                           0.4.3-2
ii  libxrandr2                              2:1.4.2-1+b1
ii  libxss1                                 1:1.2.2-1
ii  libxv1                                  2:1.0.10-1+b1
ii  zlib1g                                  1:1.2.8.dfsg-2+b1

mpv recommends no packages.

mpv suggests no packages.

-- no debconf information

Description: Fix assertion with --vo=opengl-old:force-pbo=yes
Origin: vendor
Debian-Bug: http://bugs.debian.org/?
Forwarded: not-needed
Author: Yuriy M. Kaminskiy <yumkam+deb...@gmail.com>
Last-Update: 2015-05-22

Index: mpv-0.6.2/video/out/vo_opengl_old.c
===================================================================
--- mpv-0.6.2.orig/video/out/vo_opengl_old.c
+++ mpv-0.6.2/video/out/vo_opengl_old.c
@@ -1906,6 +1906,7 @@ static void clear_border(struct vo *vo,
 
 static void draw_image(struct vo *vo, mp_image_t *mpi)
 {
+    mp_image_t *const orig_mpi = mpi;
     struct gl_priv *p = vo->priv;
     GL *gl = p->gl;
 
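Review bot: The new orig_mpi declaration at the top of draw_image carries no comment explaining why the incoming pointer has to be remembered. A one-line note that mpi can later be repointed at the stack-local mpi2 (the force-pbo case described in the report), and that only the original talloc allocation may be freed, would keep a later cleanup from folding the variable away again.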
@@ -2004,7 +2005,7 @@ static void draw_image(struct vo *vo, mp
 
     do_render(vo);
 
-    talloc_free(mpi);
+    talloc_free(orig_mpi);
 }
 
 static mp_image_t *get_screenshot(struct vo *vo)
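Review bot: The talloc_free(orig_mpi) at the end of draw_image fixes only the single exit after do_render(vo); about a hundred lines between the two hunks are not shown, so please confirm there is no earlier return or second talloc_free(mpi) on the force-pbo path that still sees the rebound pointer. A tidier alternative would be to leave the mpi parameter untouched and use a separate local pointer for the PBO image, so ownership of the argument never becomes ambiguous.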

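The failure mode in the report, reduced to a stand-alone added example (not mpv's ta.c and not part of the original message): a header canary in front of each allocation rejects a free of a stack object, and freeing the saved original pointer avoids it. Only the canary value is taken from the page; struct hdr, struct frame, new_image, dbg_free and draw are hypothetical names.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

#define CANARY 0xD3ADB3EFu  /* value from the assertion quoted in the report */
struct hdr { uint32_t canary; size_t size; };  /* assumed header layout */
struct image { int w, h; };
/* Zeroed header-sized room before the stack image, so the demo's header
 * read stays inside a defined object (real stack contents are arbitrary). */
struct frame { struct hdr pad; struct image img; };

/* Allocate an image preceded by a canary-stamped header. */
static struct image *new_image(int w, int h)
{
    struct hdr *hd = malloc(sizeof *hd + sizeof(struct image));
    if (!hd) abort();
    hd->canary = CANARY;
    hd->size = sizeof(struct image);
    struct image *img = (struct image *)(hd + 1);
    img->w = w; img->h = h;
    return img;
}

/* Returns 0 if ptr came from new_image(), -1 if the canary is missing
 * (a debug allocator would assert at this point instead of returning). */
static int dbg_free(void *ptr)
{
    struct hdr *hd = (struct hdr *)ptr - 1;
    if (hd->canary != CANARY)
        return -1;
    hd->canary = 0;
    free(hd);
    return 0;
}

/* fixed=0 frees the possibly rebound pointer, fixed=1 frees the original. */
static int draw(struct image *mpi, int force_pbo, int fixed)
{
    struct image *const orig_mpi = mpi;  /* saved before any rebinding */
    struct frame f;
    memset(&f, 0, sizeof f);
    if (force_pbo) {
        f.img = *mpi;
        mpi = &f.img;                    /* parameter now points at the stack */
    }
    int rc = dbg_free(fixed ? orig_mpi : mpi);
    if (rc != 0)
        dbg_free(orig_mpi);              /* demo only: release the real block */
    return rc;
}
```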